5

CVE-2007-5513

The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleDatabase Server Version9.2.0.8
OracleDatabase Server Version9.2.0.8dv
OracleDatabase Server Version10.1.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.9% 0.851
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=119332677525918&w=2
http://secunia.com/advisories/27251
Vendor Advisory
http://secunia.com/advisories/27409
http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html
http://www.securitytracker.com/id?1018823
http://www.us-cert.gov/cas/techalerts/TA07-290A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/3524
http://www.vupen.com/english/advisories/2007/3626
http://securityreason.com/securityalert/3247
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/
http://www.securityfocus.com/archive/1/482426/100/0/threaded
http://www.securityfocus.com/bid/26107